Tuesday, September 16, 2025

Sensitivity vs Threshold

In video surveillance, sensitivity determines the smallest motion a camera can detect, while threshold defines the magnitude of that motion needed to trigger an event. A higher sensitivity setting allows the camera to register even minor movements, whereas a higher threshold makes it harder to trigger an event, requiring a more significant amount of motion to activate the motion detection. You often adjust these together to reduce false alarms from things like light changes while still capturing real events like a person or vehicle.

Sensitivity measures how responsive a system is to a stimulus, while the threshold is the minimum stimulus energy or change required to trigger a response, with sensitivity being the reciprocal of the threshold. In simpler terms, a high sensitivity means a low threshold and the system responds to small or subtle changes, whereas a low sensitivity implies a high threshold, requiring a significant change to elicit a reaction. 

Sensitivity

·        Definition: The ability of a system or person to detect a stimulus or respond to a change.

·        What it is: The ease with which a camera detects motion. 

·        Measurement: It is often defined as the inverse of the threshold. 

·        Function:  A high sensitivity means a system is more responsive and can detect very weak or small signals/changes.

·        How it works: A higher sensitivity value means the camera's motion detection algorithm is more "tuned in" to changes in pixels, allowing it to pick up on smaller or fainter movements.

·        Effect: A high sensitivity can lead to more alerts, as it's more likely to trigger from small, irrelevant movements. 

·        Example: A person with high sensitivity to noise might hear a faint sound that others don't. 

Threshold

·        Definition: The minimum level of stimulus energy, intensity, or change that is needed to activate a system or produce a detectable response.

·        What it is: The minimum amount of movement required to trigger a motion event.

·        Measurement: The specific level of input that is just enough to cause a reaction. 

·        Function: A low threshold means the system is easily triggered, while a high threshold requires a greater stimulus for a response.

·        How it works: It sets the bar for how much of a motion pixel change must occur before an alert is generated.

·        Effect: A higher threshold makes the system less likely to trigger, while a lower threshold will trigger the event more easily.

·        Example: A security camera's motion threshold determines the minimum amount of pixel change required to trigger an alarm. 

Relationship in Practice

·        Sensitivity and Threshold are Inversely Related: 

When sensitivity is high, the threshold is low, meaning less stimulus is needed for a response. Conversely, when sensitivity is low, the threshold is high, requiring a stronger stimulus to get a reaction. 

·        Adjusting for Performance: 

In tasks like motion detection, you adjust these settings together.

·        Low sensitivity (high threshold): Reduces false alarms but may miss actual events.

·        High sensitivity (low threshold): Detects more subtle changes but increases the risk of false alerts.

Balancing Sensitivity and Threshold

·        Reduce False Alarms: You can use a combination of a higher threshold and moderate sensitivity to avoid triggering events from non-threatening movements (like swaying branches). 

·        Capture Key Events: You might use high sensitivity with a higher threshold to ensure you don't miss real events while still filtering out minor disturbances. 

Threshold value

As mentioned, the threshold value is a number in % and is the number of pixels covered by the object relative to the total number of pixels in the picture. Let's say that a person covers 15% of the total number of pixels. Then the threshold value is 15%. For the system to detect that person, the threshold level must be set to a lower value than 15%, let's say 10%. Now, if something covers more than 10% of the pixels in the field of view, the system will acknowledge that as an object of interest. But that information alone will not trigger the system for motion detection. Therefore, we need a second parameter called the Sensibility value.

Sensibility value

Sensibility is a parameter connected to whether the object is moving slowly or fast. Whether the object is moving at all, and whether slowly or fast, is determined from further calculations over a certain time interval. Let's say that at time=1 the calculation gives the first threshold value. A specific time later, at time=2, the second calculation gives the next threshold value, and at time=3 it gives the third threshold value. If all these threshold values are the same, the object is not moving and the system will not generate a motion trigger to start a video recording. But if there is a difference between the threshold values, something is happening with the object and it gets interesting. If the differences between the threshold values are small, the object is probably moving slowly. If the difference is big, the object is probably moving fast.

Let's say that the system calculates a sensibility value between 0 and 100. A value of 0 means no change in motion, completely still. A value of 100 means that the object is moving very fast. In the Netcam system the Sensibility can be set to: very high, normal or very low. If you want to detect an object that moves very slowly, you need to set the Sensibility to very high: small changes in the sensibility value should then be recognized as important and tell the system that something important is going on. If the object is moving fast, the sensibility value is high and it will also be recognized by the system as important.

Well, why not always set the Sensibility to very high, since then we will never miss a moving object? That is the million dollar question. If you set the Sensibility to very high, it will detect everything and you will have a lot of false alarms! If you set the Sensibility to very low, you will most likely never get a false alarm, but you will never get the moving object of interest either. Setting the Sensibility correctly quite often needs some testing, since it is very dependent on the situation.
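The two parameters described above, the threshold value (percentage of pixels an object covers) and the sensibility value (how much that coverage changes between successive samples), as one added Python example. This is illustrative code written for this article, not Netcam's or any camera vendor's algorithm; the frames are constructed grayscale grids, the per-pixel change that counts as "covered" and the numeric meaning of the very high / normal / very low settings are assumptions.

```python
"""Toy motion detector built from the post's two parameters.

Example code written for this article. Frames are constructed 20x20
grayscale grids (lists of lists of 0..255 ints), not real camera output.
"""

THRESHOLD_LEVEL = 10.0   # percent of the frame an object must cover (the post's example)
PIXEL_DELTA = 25         # assumption: per-pixel difference from background that counts as covered

# Assumption: the post's three sensibility settings mapped onto its 0-100 scale as the
# minimum change in coverage between samples that the system treats as motion.
SENSIBILITY_LEVELS = {"very high": 1.0, "normal": 10.0, "very low": 30.0}


def make_frame(size=20, rows=0, cols=0, level=200):
    """Construct a size x size frame with a rows x cols object in the top-left corner."""
    return [[level if r < rows and c < cols else 0 for c in range(size)] for r in range(size)]


def coverage_percent(frame, background, pixel_delta=PIXEL_DELTA):
    """The post's threshold value: percent of pixels that differ from the background."""
    total = sum(len(row) for row in frame)
    changed = sum(
        1
        for frow, brow in zip(frame, background)
        for p, q in zip(frow, brow)
        if abs(p - q) > pixel_delta
    )
    return 100.0 * changed / total


def sensibility_value(previous, current):
    """0 (completely still) .. 100 (very fast): change in coverage between two samples.
    Mapping percentage points of change straight onto the 0-100 scale is an assumption."""
    return min(100.0, abs(current - previous))


def analyze(frames, background, threshold_level=THRESHOLD_LEVEL, setting="normal"):
    """Apply both rules: an object must exceed the threshold level, and its coverage
    must change by at least the configured sensibility before motion is triggered."""
    coverages = [coverage_percent(f, background) for f in frames]
    values = [sensibility_value(a, b) for a, b in zip(coverages, coverages[1:])]
    object_present = any(c > threshold_level for c in coverages)
    moving = any(v >= SENSIBILITY_LEVELS[setting] for v in values)
    return {
        "coverages": coverages,
        "sensibility_values": values,
        "object_present": object_present,
        "motion_triggered": object_present and moving,
    }


if __name__ == "__main__":
    background = make_frame()
    person_still = [make_frame(rows=6, cols=10)] * 3          # 15 % of the frame, not moving
    person_approaching = [make_frame(rows=6, cols=10),       # 15 % -> 18 % -> 22 %
                          make_frame(rows=6, cols=12),
                          make_frame(rows=8, cols=11)]
    for setting in SENSIBILITY_LEVELS:
        print(setting, "still:", analyze(person_still, background, setting=setting)["motion_triggered"],
              "approaching:", analyze(person_approaching, background, setting=setting)["motion_triggered"])
```

Running it shows the trade-off the post describes: the slowly growing object (changes of 3 and 4 points) only triggers at "very high", which is also the setting that would fire on every flicker, while a fast change of 25 points triggers at "normal" but still not at "very low".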

‘Sensitivity’ is specified by most camera manufacturers using the ISO 12232 methodology. When using this saturation-based method, a higher ISO value means that it takes less light for the image to reach saturation but does not define how sensitive a sensor is to light (i.e., how many electrons are generated per incident photon) relative to the sensor noise.

ISO 12232 was established to give people an idea of how a digital sensor compares to film speed; however, it was never intended to give a full picture of sensor performance. High-speed cameras are used in applications that demand good performance in low-light environments, which cannot be determined by the ISO spec. To achieve a higher ISO rating, the display settings of an image can be manipulated, such as by reducing the bit depth or full-well capacity. These changes make the image appear brighter but have an adverse effect on image quality and performance.

Consider the following limitations with the ISO 12232 specification when using it to compare high-speed cameras:

·        ISO 12232 does not account for noise performance. Instead, meaningful sensor qualities like Temporal Dark Noise (aka Read Noise) and Absolute Sensitivity Threshold, which indicates how well the sensor can identify detail from noise, are key attributes to discerning low light performance of the camera.

·        ISO is easily manipulated with added gain, which lowers Signal-to-Noise Ratio (SNR) and lowers Dynamic Range (DR). This trade-off gets masked because SNR and DR are not always reported, particularly not in relation to ISO. 

·        The rounding factor – Because ISO is based on film speed, manufacturers are instructed to round up to the closest defined ISO value above what was measured. This can inflate the value by up to 1/3 F-stop and is one reason it is not possible to get accurate photon level measurements with ISO as the basis for sensitivity.

·        The light source used for measuring ISO can be Tungsten or Daylight, and a monochrome camera using a Tungsten source will have a much higher spec when an IR filter is not used. Many applications do not have scattered or reflected light matching the spectrum of tungsten or daylight sources. Instead, it is best practice to use Spectral Responsivity plots (or QE curves) to determine how many electrons are generated relative to the number of incident photons across the visible and NIR spectrum. Spectral response curves are provided for all Phantom cameras.

Ultimately, there are too many unknowns to rely on the ISO 12232 specification when comparing sensitivity or any aspect of image quality. Vision Research has moved away from ISO as the way to spec sensitivity in favor of the EMVA 1288 standard, providing customers a full set of sensor parameters to evaluate the camera’s imaging performance.
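To make the gain trade-off in the list above concrete, here is an added Python model written for this article (the sensor numbers are constructed and not taken from any Phantom or EMVA 1288 data sheet): signal electrons are photons times quantum efficiency, noise combines shot noise with temporal dark (read) noise, and gain multiplies signal and noise alike. It shows that gain raises the output level, which is what an inflated ISO rating reflects, without changing SNR, and that it lowers dynamic range because the output saturates after fewer electrons.

```python
import math


def sensor_snr(photons, quantum_efficiency, read_noise_e, gain=1.0):
    """SNR at the output for a uniform exposure. Signal electrons = photons * QE;
    noise combines shot noise (sqrt of the electron count) with temporal dark
    (read) noise. Gain scales signal and noise equally, so SNR does not improve."""
    signal_e = photons * quantum_efficiency
    noise_e = math.sqrt(signal_e + read_noise_e ** 2)
    return (gain * signal_e) / (gain * noise_e)


def output_level(photons, quantum_efficiency, gain=1.0):
    """Output in gain-scaled electron units: the brightness a higher ISO rating buys."""
    return gain * photons * quantum_efficiency


def dynamic_range(full_well_e, read_noise_e, gain=1.0):
    """Largest representable signal over the noise floor. With gain above 1 the output
    saturates after full_well_e / gain electrons, so DR drops. Returns (ratio, dB)."""
    usable_e = full_well_e / max(gain, 1.0)
    ratio = usable_e / read_noise_e
    return ratio, 20 * math.log10(ratio)


def compare_gain(photons=1000, qe=0.5, read_noise_e=10.0, full_well_e=20000, gains=(1.0, 4.0)):
    """Constructed sensor: 50 % QE, 10 e- read noise, 20 ke- full well, 1000 photons per pixel."""
    rows = []
    for g in gains:
        dr, dr_db = dynamic_range(full_well_e, read_noise_e, g)
        rows.append({
            "gain": g,
            "level": output_level(photons, qe, g),
            "snr": round(sensor_snr(photons, qe, read_noise_e, g), 2),
            "dr": dr,
            "dr_db": round(dr_db, 1),
        })
    return rows


if __name__ == "__main__":
    for row in compare_gain():
        print(row)
```

Four times the gain quadruples the output level and leaves SNR at the same value, while the usable dynamic range falls from 2000:1 to 500:1, which is exactly the masked trade-off the second bullet warns about when SNR and DR are not reported alongside ISO.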

 

Monday, September 1, 2025

ELV Systems

What are Extra-Low Voltage Systems (ELV)? 

Extra-Low Voltage means the voltage of electricity supply is in a range that is low enough that it does not carry any high risk of any high voltage electrical shock(s).

The range of voltage that can be classified as Extra-Low Voltage is alternating current not exceeding 50 V AC and direct current not exceeding 120 V DC (ripple free). This is based on the standards as per EN 61558 or BS 7671.

The term extra-low voltage ("ELV") means an operating voltage not exceeding 50 Volt alternating current (a.c.) or 120 Volt ripple free direct current (d.c.) as defined in Australian / New Zealand Standard AS/NZS 3000.

Therefore, Extra-Low Voltage Systems are any electrical systems that can operate on a low voltage with the voltage criteria as per above.

Key Characteristics

·        Low Voltage: The most defining feature is their safe, low-voltage operation, which reduces the risk of electric shock.

·        Non-Core Systems: ELV systems are separate from the building's main, high-voltage electrical power system.

·        Integrated Technologies: They are the "smart" components of a building, connecting devices and managing data.

In this article, we are going to share more about different components of ELV systems.

Components of ELV Systems

Video Surveillance System:

Video-surveillance systems, more commonly known as Closed Circuit Television or "CCTV" for short, are made up of a network of cameras and recording systems connected to each other. Such a system is classified as a 'closed' system, as it operates independently unless it is part of an integrated ELV system. A CCTV system is an effective way to monitor and secure any sensitive area(s).

Currently, cameras can be connected to a CCTV system either wired or wirelessly. CCTV is an effective deterrent to threats and suits any area(s) that require constant offsite monitoring.

The key points when installing CCTV cameras are the positioning of the camera, to ensure that it can monitor the required area within its field of view, and the clarity of the video footage, to ensure the footage is usable if necessary.

Access Control System – ACS:

Access control systems are a key feature of any security system hub and can secure, monitor and manage the access of staff in any type of building. With this system, staff can be issued access cards, or use fingerprints (biometrics), to be granted access to various areas of the premises.

Nowadays, these systems 'speak' to each other wirelessly and are usually connected to the local area network to reduce hard-wiring cost and allow flexibility in positioning the system itself. At times, the access control system may be part of a bigger integrated ELV system which allows central control of multiple different systems.

Public Address Voice Alarm System – PAVA:

A public address system is a system that allows an amplification of your voice through microphones and loudspeakers. Its purpose is to enhance the volume of human voice or any other sound for that matter.

The general alarm system allows remote control of alarms and flashing lights(beacons).

Combined, this system would serve a general use of relaying information or be used in the case of any emergency evacuations.

Fire Detection & Alarm System - FDAS:

The Fire Alarm Control Panel is the brain of the system. It receives input from detectors and manual call points and sends output to sounders and bells.

ELV fire alarm systems can provide early warning of fires in public and state facilities, allowing for prompt evacuation and reducing the risk of injury or death. These systems can also be integrated into building management systems to provide automatic fire suppression, such as sprinklers or fire extinguishers.

LAN and IP-BX System:

LAN stands for local-area network and is basically an interconnected computer network that usually covers a small area. This network of computer/devices can be connected to each other via physical wires called LAN cables or wirelessly (radio waves).

A telephone system is a group of interconnected telephones connected either via telephone lines or via LAN cables which then communicate using ‘Voice over Internet Protocol’ or in short VoIP.

Intrusion Alarm System - IAS

An intrusion alarm system — also known as a burglar alarm system — is an important security measure that can protect your business from unwanted intruders, theft, vandalism, and property damage.

Intrusion alarm systems provide several key benefits for businesses, such as increased safety for building occupants, faster response times to breaches, and lower insurance premiums. By investing in an intrusion alarm system, you are taking a proactive approach toward the safety and security of your property.

Nurse call system - NCS

A nurse call system is a healthcare technology solution in hospitals and nursing homes that allows patients to request assistance from staff by pressing a call button or using a pendant. These systems feature call buttons, receiving units at the nurse's station, and often wireless devices like pagers or watches to notify nurses in real-time. The primary goal is to ensure timely patient care, improve safety by reducing response times, and enhance staff efficiency through features like real-time alerts and reporting.

Trunk Radio System – TRS

A trunk radio system is a system whereby all available radio channels are placed in one single pool. When for example person A requires to transmit, a channel is automatically picked from the pool and used for person A’s transmission. Once the transmission is completed, the channel that person A was using will be placed back into the pool for others to use.

This system is highly beneficial as radio channels are limited by nature as for example, if all radio channels are taken up, we can’t physically or manually ‘create’ new channels. By using a trunk radio system, it’s more efficient in a sense there is a higher chance a user will get access to an available channel when required.
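The channel-pool behaviour described above, as an added Python simulation written for this article (not any radio vendor's code): the same transmission schedule is run once with each talk group owning a fixed channel and once with all channels trunked into one pool, and the blocked requests are counted. Channel names, users, groups and timings are constructed.

```python
def simulate(events, channels, trunked):
    """Replay a transmission schedule and return the (time, user) requests that were blocked.

    events:   (time, "start"|"end", user, group) tuples; at an equal time "end" sorts
              before "start", so a released channel is available to the next request.
    channels: list of channel names; in non-trunked mode group i owns channels[i],
              in trunked mode every channel sits in one shared pool (the post's model).
    """
    free = list(channels)
    holding = {}          # user -> channel currently assigned
    blocked = []
    for t, action, user, group in sorted(events):
        if action == "start":
            candidates = [c for c in free if trunked or c == channels[group]]
            if not candidates:
                blocked.append((t, user))
                continue
            channel = candidates[0]
            free.remove(channel)
            holding[user] = channel
        elif user in holding:
            free.append(holding.pop(user))    # back into the pool for others to use
    return blocked


# Constructed schedule: three channels, three talk groups; group 0 is busy, groups 1-2 idle.
CHANNELS = ["CH1", "CH2", "CH3"]
SCHEDULE = [
    (0, "start", "u1", 0), (10, "end", "u1", 0),
    (5, "start", "u2", 0), (8, "end", "u2", 0),     # overlaps u1 in the same group
    (6, "start", "u4", 0), (9, "end", "u4", 0),     # third simultaneous talker in group 0
    (7, "start", "u5", 0), (9, "end", "u5", 0),     # fourth: exceeds even the pooled capacity
    (12, "start", "u3", 1), (15, "end", "u3", 1),
]

if __name__ == "__main__":
    print("dedicated channels, blocked:", simulate(SCHEDULE, CHANNELS, trunked=False))
    print("trunked pool, blocked:     ", simulate(SCHEDULE, CHANNELS, trunked=True))
```

With dedicated channels every overlapping talker in group 0 is blocked while CH2 and CH3 sit idle; with the pool only the fourth simultaneous talker is blocked, because the pool cannot create a fourth channel either, which is the limit the post points out.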

Home Automation System -  HAS:

Home automation is nothing but the mechanical management and administration of intelligent electronic appliances in a house. Sequencing pre-programmed smart devices to meet the unique needs of the residents is what a home automation system does.

In a home automation solution, devices can trigger each other without any human intervention. Furthermore, it allows users to schedule automated processes like switching the lights, controlling the temperature, calibrating the entertainment system, and more. What is home automation? It is an integrated system that makes life more convenient and helps in saving a variety of costs.

Fence Intrusion Detection System – FIDS

A fence intrusion detection system or FIDS for short is a security system whereby the key purpose of this system is to be able to detect any breaches that occur on any perimeter fences.

There are multiple sensors installed on different parts of the fence so whenever an intrusion is detected in a certain fenced area, if there is a CCTV nearby, the security personnel would be able to angle the CCTV to view the intrusion if possible. If necessary, a physical check on the fence is needed as well to ensure the security and integrity of the perimeter.

Building Management System - BMS:

Building Management Systems (BMS) integrate and control various building functions. Multiple sensors are installed on different parts of the utility systems, and the BMS engineer controls all utility systems from a single room. A Building Management System is also known as an IBMS, and as a BAS in the Americas and European countries.

I/O points are further categorized into analogue and digital, with suitable field devices and sophisticated third-party devices fitted in a building, ranging from grounding an elevator, to monitoring the water level of a sump, to monitoring and controlling the properties of HVAC (Heating, Ventilation & Air Conditioning) equipment, that is temperature, RH and pressure.

Water Leak Detection (WLD) system:

Early Water Detection is essential in a lot of businesses, for example, data centers, industrial sites, offices, hotels, residential buildings, and more. With the right detection of water and early alert, costly water damage can be avoided. HW group offers several products that provide ideal solutions for Water Leak Detection (WLD) that are developed to protect your facility against any water damage that might threaten you.

Water Leak Detection uses a sensing cable that detects water along the entire cable length and a WLD device (WLD2 / NB-WLD / ...) that can communicate an alarm in case of water occurrence (a few drops anywhere on the cable is enough).

Master Clock System – MCS:

A master clock system is an interconnected system of clocks whereby slave clocks would take reference of time from a reference clock, also known as a master clock. These slave clocks would synchronize their time with the master clock. In this way, the time across both the master and slave clocks would be the same.

The use of master clock systems can be used in a variety of industries such as for the IT sector and military or anywhere that requires an extremely high degree of time accuracy.

Rodent Repellent System:

A rodent repellent is a device unit that emits ultrasonic sound waves to create an acoustically hostile environment that repels rodents. This helps to keep your Data Center free from rodents: the frequency of the sound induces rodents to move away from the Data Center premises. As per research by the University of Nebraska, the Rodent Repellent is a proven device: rodents under test either left the buildings or moved to alternative, non-ultrasonically treated areas.

As Data Center is the important business premises, we need to protect it from many risks.

Exit Stopper Door Alarms:

The highly effective Exit Stopper can serve as an inexpensive security device and help stop theft by alerting you to any unauthorized exits or entries through emergency exit doors. It is a standalone fire exit stopper alarm with one relay for integration with the fire alarm system.

Professional Display & Signage

Professional display screens are high-quality, commercial-grade screens specifically designed for continuous use in business settings. Unlike consumer-grade TVs, they’re engineered to operate reliably for extended hours, often supporting 24/7 use without compromising on display quality or durability. Professional displays come with advanced features like remote content management, high brightness, and enhanced connectivity options, making them ideal for business environments.

ELV digital signage systems can provide real-time information, such as maps, directions, and event schedules, for tourists. This can improve convenience and enhance the overall experience by providing accurate and up-to-date information.

GRMS System:

Operates light management (on, off or dimmer), automatic curtain opening (including blinds and rolling shutters), HVAC, TVs, and "do not disturb" or "make up room" alerts, based on the presence or absence of the guest in the room.

Mobile Phone and Wireless Distribution: 

Seamless connectivity, accessibility, and communication throughout a building.

Vehicle Tracking System

The GPS-based Vehicle Tracking System comprises an in-vehicle tracking unit, consisting of a GPS receiver, a CDMA/GSM modem, on-device data storage and other peripherals, together with a web-based application. Through this system, users have the facility to monitor the movement of, and gather complete information on, any vehicle.

IoT:

The IoT provides the connectivity that enables real-time monitoring and control of building systems, both on-site and remotely. With IoT-enabled BMS, building operators can monitor and control systems from anywhere, anytime, through a single user interface. This allows for greater efficiency, cost savings, and improved building performance.

In smart infrastructure, ELV systems, BMS, and IoT play a similar role in optimizing and monitoring the performance of critical infrastructure systems, such as energy grids, water supply networks, and transportation systems. These systems can be monitored and controlled in real-time to improve efficiency, reduce costs, and ensure reliability.

Role of IOT in improving ELV systems

The Internet of Things (IoT) can significantly improve ELV (Extra-Low Voltage) systems. IoT technology can connect and monitor ELV systems, providing real-time information, control, and automation capabilities.

Here are some ways in which IoT can improve ELV systems:

1.   Monitoring and Control: IoT devices, such as sensors and actuators, can control ELV systems, such as lighting, HVAC, and security systems. This can provide real-time information and allow for remote control of these systems, improving efficiency, comfort, and security.

2.   Predictive Maintenance: IoT technology can collect data from ELV systems and analyze it to predict when maintenance is needed. This can improve system reliability and reduce downtime, increasing efficiency and reducing costs.

3.   Energy Management: IoT technology can monitor and control energy consumption in ELV systems, reducing waste and improving energy efficiency. This can contribute to sustainability and reduce costs.

4.   Integration: IoT technology can integrate ELV systems with other building management systems, such as BMS (Building Management Systems), providing a more comprehensive and integrated solution.

5.   Real-time Analytics: IoT technology can collect and analyze real-time data from ELV systems, providing valuable insights into system performance and usage patterns. This can help to optimize system operation and improve decision-making.

Role of AI in ELV systems

Artificial Intelligence (AI) is playing an increasing role in ELV systems, including lighting control, building automation, audio and video systems, security systems, and more. AI can be used to improve the performance, efficiency, and intelligence of ELV systems in several ways:

1.   Predictive Maintenance: AI can analyze data from ELV systems to predict when maintenance or repairs will be required. This can reduce downtime and improve the overall reliability of the systems.

2.   Energy Efficiency: AI can optimize energy consumption in ELV systems, such as lighting control systems. For example, AI algorithms can analyze occupancy patterns and adjust lighting levels accordingly to reduce energy consumption.

3.   Real-Time Monitoring: AI can monitor ELV systems in real-time, providing early warning of potential issues and allowing for proactive maintenance and repairs.

4.   Automated Decision-Making: AI can automate decision-making processes in ELV systems, such as lighting or HVAC control. For example, AI algorithms can automatically analyze weather data and occupancy patterns to adjust heating and cooling levels.

5.   Improved User Experience: AI can improve the user experience of ELV systems, such as voice-controlled lighting control systems or personalized audio and video systems.

Role of cyber security for ELV systems

Cybersecurity is critical for ELV systems due to the sensitive nature of the systems and the potential consequences of a security breach. ELV systems are integrated into building management systems and often control essential functions, such as lighting, heating, ventilation, air conditioning, and security systems. Therefore, a breach of an ELV system can result in unauthorized access, loss of sensitive information, or disruption of critical building functions.

Here are some ways in which cyber security is essential for ELV systems:

1.   Protecting Sensitive Information: ELV systems often contain sensitive information, such as building plans, access codes, and security camera footage. Cybersecurity measures are necessary to protect this information from unauthorized access or theft.

2.   Preventing Unauthorized Access: ELV systems can be vulnerable to hacking or unauthorized access, allowing attackers to control or disrupt building functions. Cybersecurity measures, such as firewalls, access control systems, and encryption, are necessary to prevent unauthorized access.

3.   Maintaining Building Functionality: A breach of an ELV system can result in the disruption of critical building functions, such as heating, cooling, lighting, and security systems. Cybersecurity measures are necessary to maintain the functionality of these systems and protect against disruptions.

4.   Compliance with Regulations: Many countries have regulations and standards for cybersecurity in buildings, such as the European Union's General Data Protection Regulation (GDPR) and the United States Federal Information Processing Standard (FIPS). ELV systems must comply with these regulations to protect sensitive information and the security of building functions.

Conclusion

Now that you understand more about ELV systems and their various components, SSA INTEGRATE provides ELV system integration services for the telecommunications, security, surveillance and oil & gas industries.

We have a team of highly experienced engineers and technicians who would be able to assist you in any challenging system integration issues.

Our service is that we can design, supply and commission full ELV integrated systems, complete with detailed testing, following the actual site conditions to ensure full functionality before handing over the project. We also provide Information Security Management System audits as per ISO/IEC 27001:2022.

Due to our experience in installing explosion proof systems, we are well versed in working and installing ELV systems in hazardous environments.


Friday, August 15, 2025

Privileged Access Management

Privileged access management (PAM) is defined as the provisioning of tools that help organizations manage and secure accounts that have access to critical data and operations. Any compromise in these ‘privileged’ accounts can lead to financial losses and reputational damage for the organization.

Every organization’s infrastructure is built with multiple levels of deployments, data stores, applications, and third-party services. Some of these components are critical for operations, while some may be as mundane as email.

But each of these is accessed by user accounts, which are of two types:

Human users: They are typically employee accounts, encompassing all departments, including HR, DevOps, and network administrators. 

Automated non-human users: These are third-party applications and services that require an account to integrate with the organization’s systems.

‘Privilege’ is defined as the authority that an account has to modify any part of the company’s technology architecture, starting from individual devices to the office network. This privilege allows the bypassing of security restraints that are normally applied across all accounts.

A standard account is a norm among employees, with the least privileges attached to it. These accounts are used to access and operate limited resources such as internet browsing, emails, and office suites. A privileged account possesses more capabilities than a standard account. This elevated access is gained using privileged credentials.

Despite the numerous headline-making incidents in recent years, cybercrime continues to rise with reported data breaches increasing by 75% over the past two years. For those that suffer a breach, the repercussions can be costly: increased public scrutiny, costly fines, decreased customer loyalty and reduced revenues. It is no wonder that cybercrime has risen towards the top of the concern list for many organisations and the customers with whom they do business.

You've heard many of the stories. Equifax, Uber, Facebook, My Heritage, Under Armor, and Marriott. Personal data from millions of their customers was stolen. Even though the number of breaches went down in the first half of 2018, the number of records stolen increased by 133 percent to almost 4.5 billion records worldwide. Unfortunately things are only likely to get worse. According to a 2018 study from Juniper Research, an estimated 33 billion records will be stolen in 2023 – this represents a 275 percent increase from the 12 billion records that are estimated to have been stolen in 2018.

Are you ready for more bad news? Thanks to the demands of the application economy, the threat landscape has expanded and protecting against these threats has only gotten more challenging.

Victims of the future

Digital transformation is a necessity for organisations to not only survive, but thrive in the application economy. But these transformations are creating an expanding set of new attack surfaces that must be defended, in addition to the existing infrastructure that you've been protecting for years. These new points of vulnerability include:

DevOps adoption: In more sophisticated IT shops, continuous delivery/ continuous testing practices have introduced automated processes that see no human intervention at all. In many cases, these scripts or tools are often using hard-coded administrative credentials that are ripe for theft and misuse.

Hybrid environments: As your IT environment has evolved to include software-defined data centres and networks, and expanded outside of your four walls to incorporate public cloud resources and software-as-a-service (SaaS) applications, the traditional way of approaching administration and management quickly falls apart – mainly because it fails to protect new attack surfaces like management consoles and APIs.

Internet of Things: Smart devices are proliferating in our lives, from phones to watches, from refrigerators and cars to medical implants and industrial machinery. And because these devices have connectivity, not only can they be hacked, but they are already being compromised where security is inadequate or non-existent.

Third-party access: Outsourcing development or IT operations has become the norm. In addition, many companies are sharing information with partners. However, many of these third-party employees are being granted 'concentrated power' via administrative access. Who is watching how they are using or potentially misusing that access?

Take hold of the flame

Stealing and exploiting privileged accounts is a critical success factor for many types of attacks. This is not surprising when one considers that privileged identities have access to the most sensitive resources and data in your environment; they literally hold the keys to the kingdom.

Thankfully, there is a positive angle you can take on this fact. If privileged accounts are the common thread amongst the innumerable attack types and vulnerability points, then these accounts – and the credentials associated with them – are exactly where you should focus your protection efforts.

For many, focusing on ‘privileged users’ is difficult because its population can be so diverse. Privileged accounts and access are not just granted to employees with direct, hands-on responsibility for system administration, but also to contractors and business partners. You may even have privileged unknowns who are securing ‘shadow IT’ resources without your knowledge. And finally, in many cases, privileged accounts aren’t even people – they may be applications or configuration files empowered by hard-coded administrative credentials.

This begs the question, if you can’t even get a clear tally of who represents your privileged user population, how can you hope to protect these accounts?

By securing those accounts at each stop along the breach kill chain.

Breaking the chains

What is a kill chain? It’s the series of steps an attacker typically follows when carrying out a breach. While the chain can comprise numerous steps, there are four key ones in which privileged credentials represent the cornerstone of an attack. These include:

1. Gain access and expand: To access the network, insiders might exploit the credentials they already have, while outsiders will exploit a vulnerability in the system to steal the necessary credentials.

2. Elevate privileges: Once inside, attackers will often try to elevate their privileges, so they can issue commands and gain access to whatever resources they’re after.

3. Investigate and move laterally: Attackers rarely land in the exact spot where the data they’re seeking is located, so they’ll investigate and move around in the network to get closer to their ultimate goal.

4. Wreak havoc: Once they have the credentials they need and have found exactly what they’re looking for, the attackers are free to wreak havoc (e.g. theft, business disruption, etc.).

If you can prevent an unauthorised user – insider or outsider – from gaining access to the system in the first place, you can stop an attack before it even starts.

To prevent unauthorised access, you must:

• Store all privileged credentials in an encrypted vault and rotate these credentials on a periodic basis.

• Authenticate all users, applications, and services before granting access to any privileged credential.

• Employ automatic login and single sign-on so users never know the privileged credential.

Limiting privilege escalation

In many networks, it’s common for users to have access to more resources than they actually need – which means attackers can cause maximum damage quickly and even benign users can cause problems inadvertently. This is why granular access controls are so important.

To limit privilege escalation, you must:

• Adopt a ‘zero trust’ policy that only grants access to the systems people need for work.

• Implement filters and white/black lists to enable fine-grained access controls.

• Proactively shut down attempts to move laterally between unauthorised systems.

Monitoring privileged activity

Whether it’s a trusted insider who wandered into the wrong area or an attacker with malicious intent, there’s a very good chance that at some point users will gain access they shouldn’t have.

The challenge, then, is to improve visibility and forensics around user activity within sensitive systems. To deter violations at this late stage of the kill chain, you must:

• Ensure that all privileged access and activity is attributed to a specific user.

• Monitor all privileged activity to proactively detect unusual behaviour and trigger automatic mitigations.

• Record all user sessions so that all privileged activities can be played back in DVR-like fashion.

• Review and certify privileged access on a periodic basis to ensure that it is still required.
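The prevent-access controls (credentials held in a vault and rotated, authentication and entitlement checked before any checkout, automatic login so the user never sees the secret) and the monitoring controls (every action attributed to a named user, session replay, detection of privileged logins that no broker session accounts for) as one added Python example. It is illustrative code written for this article, not any PAM product's API; the broker, the system and user names and the target-system login records are all constructed, and encryption of the vault at rest is left out of the toy.

```python
import secrets
import time


class PrivilegedBroker:
    """Toy PAM broker (example for this article). It holds the privileged credentials,
    checks authentication and entitlement before a checkout, opens sessions on the user's
    behalf without disclosing the secret, attributes every action to a named user and
    rotates the credential on check-in. Vault encryption at rest is omitted here."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock (seconds) so the example is testable
        self._secrets = {}         # system -> current privileged password (opaque to users)
        self._entitlements = {}    # user -> set of systems that user may administer
        self._sessions = {}        # session id -> (user, system, expiry)
        self.audit = []            # attributed trail: (ts, user, system, event, detail)

    def _log(self, user, system, event, detail=""):
        self.audit.append((self._now(), user, system, event, detail))

    def enroll_system(self, system):
        self._secrets[system] = secrets.token_urlsafe(24)

    def grant(self, user, system):
        self._entitlements.setdefault(user, set()).add(system)

    def current_secret(self, system):
        return self._secrets[system]

    def checkout(self, user, system, authenticated, ttl_seconds=1800):
        """Open a privileged session; returns a session id, or None when refused."""
        if not authenticated:
            self._log(user, system, "DENIED", "authentication failed")
            return None
        if system not in self._entitlements.get(user, set()):
            self._log(user, system, "DENIED", "no entitlement")
            return None
        sid = secrets.token_hex(8)
        self._sessions[sid] = (user, system, self._now() + ttl_seconds)
        self._log(user, system, "CHECKOUT", sid)
        return sid

    def run(self, sid, command):
        """Execute on the user's behalf (auto-login); every command lands in the audit trail."""
        session = self._sessions.get(sid)
        if session is None or session[2] < self._now():
            return False
        user, system, _ = session
        self._log(user, system, "COMMAND", f"{sid} {command}")
        return True

    def checkin(self, sid):
        user, system, _ = self._sessions.pop(sid)
        self._secrets[system] = secrets.token_urlsafe(24)    # rotate after every use
        self._log(user, system, "CHECKIN", sid)

    def session_replay(self, sid):
        """The commands recorded for one session, in order: the DVR-style playback."""
        return [d.split(" ", 1)[1] for _, _, _, ev, d in self.audit
                if ev == "COMMAND" and d.startswith(sid + " ")]


def unattributed_logins(broker, target_logins):
    """Flag logins reported by the managed systems that no broker session accounts for.
    target_logins: (ts, user, system) tuples taken from the targets' own logs."""
    windows = {}   # sid -> [user, system, start, end]
    for ts, user, system, event, detail in broker.audit:
        if event == "CHECKOUT":
            windows[detail] = [user, system, ts, None]
        elif event == "CHECKIN":
            windows[detail][3] = ts
    flagged = []
    for ts, user, system in target_logins:
        covered = any(u == user and s == system and start <= ts and (end is None or ts <= end)
                      for u, s, start, end in windows.values())
        if not covered:
            flagged.append((ts, user, system))
    return flagged


if __name__ == "__main__":
    clock = [1000]
    broker = PrivilegedBroker(now=lambda: clock[0])
    broker.enroll_system("db-prod")                 # constructed system name
    broker.grant("alice", "db-prod")
    sid = broker.checkout("alice", "db-prod", authenticated=True)
    clock[0] = 1010
    broker.run(sid, "SELECT 1")
    clock[0] = 1020
    broker.checkin(sid)
    # Constructed target-side logins: alice inside her session, mallory with no session,
    # alice again after check-in (the rotated credential should not have worked).
    print(unattributed_logins(broker, [(1005, "alice", "db-prod"),
                                       (1012, "mallory", "db-prod"),
                                       (1030, "alice", "db-prod")]))
```

Because the user only ever receives a session handle, a stolen credential has a short life (it is rotated at check-in), and because every target login is compared against the broker's checkout windows, a login that bypasses the broker stands out as an unattributed event worth investigating.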